
Re: dhcp and masquerade



You'll have to be a bit more specific with what you want to do, ie. "use my linux box as MASQ router, routing internal traffic from eth1 out to ppp0".
I will assume this, and "run a dhcp server on my eth1".

Charles Lewis wrote:

I've got masquerade working on my home network (my linux box is running
2.4.17 currently), but I'm not sure how to configure dhcp. Here is my
/etc/network/interfaces (I have an eth0 also that I was using when I used to
be on a LAN, but it is now commented out, and not being used for anything,
since my internet feed is now coming through ppp0):

auto lo
iface lo inet loopback

auto eth1
iface eth1 inet static
       address 192.168.7.1
       netmask 255.255.255.0
       up echo "1" >/proc/sys/net/ipv4/ip_forward
       up /sbin/iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -o ppp0 -j MASQUERADE
       down echo "0" >/proc/sys/net/ipv4/ip_forward
       down /sbin/iptables -t nat -F

Consider using stronger firewalling... it's well worth it.


I assume that I would change 'static' to 'dhcp' above and leave the address
line out? However, the default dhcpd.conf has references to DNS that I don't
know what to do with. Here it is (with comments removed):

No. You have to understand the difference between dhcp server and client. /etc/network/interfaces specifies how the interfaces get their addresses. If you want your linux box to deal out addresses, you should give a static address to it. This is done in the interfaces file. dhcpd.conf is the config file for the dhcp server. Client stuff is in /etc/dhclient.conf. This doesn't usually need to be changed. I'll help you on the way with configuring:


option domain-name "fugue.com";

This line is optional; use it if you run DNS services on your internal network. You'll need the bind packages for this to be of any use. Note that without DNS, you can only access computers on your internal network by their IP. You can leave this line specified as: "";


option domain-name-servers toccata.fugue.com;

If you don't plan to run your own DNS services, the easiest way to configure this line is to add the IP of your ISP DNS server. Several servers separated by a comma (,).


option subnet-mask 255.255.255.224;

Specify the netmask. If this is already OK then leave it. If you don't know what to use, then specify 255.255.255.0. In this case internal addresses can be between 192.168.7.0 and 192.168.7.255 (don't use 0 and 255). Note that it should be the same as eth1 in your interfaces file. Using .255 is the easiest way.


default-lease-time 600;
max-lease-time 7200;

Dhcp address renewal time and maximum requestable time. Leave these if they don't cause problems. They shouldn't.


The DHCP mini-howto had the following example:

option broadcast-address 192.168.1.255;

This is in your case the last address of your internal network. With netmask 255.255.255.0 it is .255.


option routers 192.168.1.254;

The IP of your gateway (eth1). Use 192.168.7.1.


option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "mydomain.org";

The following part specifies which addresses to lease.

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.100;

You need one of these lines. Don't lease any statically specified addresses, like your eth1.


  range 192.168.1.150 192.168.1.200;
}

If you want an internal machine always to have the same address, add an entry like:

host nameofmachine {
       hardware ethernet MAC;
       fixed-address IP;
}

For example the machine "linuxbox" with MAC address "00:50:11:AA:DD:CC" and wanted IP "192.168.7.2" looks like:

host linuxbox {
       hardware ethernet    00:50:11:AA:DD:CC;
       fixed-address    192.168.7.2;
}

Remember to have this entry BEFORE the closing bracket (}) for subnet. Thus you'll have two of them (}}) after your last "fixed-address" line.



I'm not sure what to put for "domain-name" or "domain-name-server", since
I'm just running a little home network. Also, do I need the
"broadcast-address" and "routers" entries that the how-to suggests? What
about "subnet-mask",etc. I just want to be able to plug into my network with
any pc and have an ip assigned. (Of course, the server itself gets its ip
dynamically assigned by the ISP)

You need all of them but "domain-name", as explained earlier.
To start the dhcp server run "dhcpd eth1". For testing, using the -f option will run dhcpd in the foreground and display what it does. To automatically start the dhcp server edit /etc/init.d/dhcp and set "run_dhcpd" to 1. Then add the interface name eth1 after the dhcp command in the start and restart sections in the same file.
You should be all set up.


Charles Lewis
lewisc@delta.swau.edu
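
The consistency rules from the reply above (netmask matching eth1, broadcast as the last address, routers pointing at eth1, ranges that avoid statically assigned addresses) can be checked mechanically before starting dhcpd. This is an added example, not part of the original message; the function name `check_dhcpd_conf`, the assembled sample config and the DNS placeholder 192.0.2.53 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the thread's options assembled for the 192.168.7.0/24 LAN.
# 192.0.2.53 is a placeholder for the ISP's DNS server, not a value from the thread.
SAMPLE_CONF = """
option domain-name-servers 192.0.2.53;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.7.255;
option routers 192.168.7.1;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.7.0 netmask 255.255.255.0 {
  range 192.168.7.10 192.168.7.100;
  host linuxbox {
    hardware ethernet 00:50:11:AA:DD:CC;
    fixed-address 192.168.7.2;
  }
}
"""

def check_dhcpd_conf(text, gateway="192.168.7.1"):
    """Return the inconsistencies found; gateway is the static eth1 address."""
    m = re.search(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)", text)
    if not m:
        return ["no subnet declaration"]
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    opts = dict(re.findall(r"option\s+([\w-]+)\s+([^;]+);", text))
    gw = ipaddress.ip_address(gateway)
    problems = []
    if opts.get("subnet-mask") != str(net.netmask):
        problems.append("subnet-mask differs from the subnet declaration")
    if opts.get("broadcast-address") != str(net.broadcast_address):
        problems.append("broadcast-address is not the last address of the subnet")
    if opts.get("routers") != gateway or gw not in net:
        problems.append("routers is not the gateway address on this subnet")
    # Addresses that must never be leased: the gateway, fixed hosts, .0 and broadcast.
    fixed = re.findall(r"fixed-address\s+([\d.]+);", text)
    reserved = [gw, *map(ipaddress.ip_address, fixed), net.network_address, net.broadcast_address]
    for lo, hi in re.findall(r"range\s+([\d.]+)\s+([\d.]+);", text):
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        if lo not in net or hi not in net or lo > hi:
            problems.append(f"range {lo}-{hi} is not a valid span inside {net}")
        problems += [f"range {lo}-{hi} includes reserved address {a}"
                     for a in reserved if lo <= a <= hi]
    return problems

if __name__ == "__main__":
    print(check_dhcpd_conf(SAMPLE_CONF) or "consistent")
```

The parser only understands the handful of statements discussed in this thread and a single subnet block; it is a pre-flight check, not a replacement for dhcpd's own syntax checking.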







